Apple won’t be forced to build new software that would let the FBI into the iPhone used by one of the shooters in the San Bernardino, Calif., attacks. The bureau withdrew its legal action against the tech company Monday, and the FBI-Apple case is closed — for now.
Here’s a possible future chain of events: Apple will patch any vulnerabilities that allowed the unnamed “third party” helping the FBI access encrypted data on the phone, the FBI will be locked out of another iPhone in another investigation — and the feds will be back in court demanding that Apple help it break into the device.
A win for the feds would send chills down George Do’s spine. The CISO for Equinix, a Silicon Valley provider of data center space, said that if Apple is forced to comply with the order, it would set a “dangerous precedent” — his words as well as Apple’s — that would alter how companies do everything from plotting security strategies to just doing business. (Do spoke to me before the FBI-Apple case was dropped.)
“It would turn our whole world upside down,” Do said. “Depending on where this falls, it has the potential to change things very fundamentally.”
In the FBI-Apple case, the bureau said the software — essentially a new version of the iOS operating system — could be made for just the one phone, and then Apple could discard it. But CEO Tim Cook has maintained there would be nothing stopping the government from demanding that Apple unlock other devices as well.
If law enforcement agencies have that kind of power, companies that make, say, security software or mobile devices, will have to change the way they build their products. Encryption, no matter how strong, will no longer be best way to keep data from prying eyes, Do said.
“They’ll have to find ways around those challenges to manage risk — and that’s going to be hard,” he said.
Consumers of that software, like Equinix, would be affected, too, Do said. Encrypted security tools may no longer be the go-to software for infosec teams. It may also force them to make tactical shopping choices — especially if a certain software or hardware company is known to be in the government’s line of sight.
“Maybe we choose the company that’s less on the radar than a big, giant Apple, right?”